Tearing Down User Connections Forcibly; Displaying And Maintaining Aaa - 3Com 4500G Family Configuration Manual

user interface. For details regarding authentication method and commands accessible to user
interface, refer to Login Configuration in the System Volume.
Binding attributes are checked upon authentication of a local user. If the checking fails, the user
fails the authentication. Therefore, be cautious when deciding which binding attributes should be
configured for a local user.
Every configurable authorization attribute has its definite application environments and purposes.
Therefore, when configuring authorization attributes for a local user, consider what attributes are
needed.
Configuring User Group Attributes
For simplification of local user configuration and manageability of local users, the concept of user group
is introduced. A user group consists of a group of local users and has a set of local user attributes. You
can configure local user attributes for a user group to implement centralized management of user
attributes for the local users in the group. Currently, you can configure password control attributes and
authorization attributes for a user group.
By default, every newly added local user belongs to the user group of system and bears all attributes of
the group. User group system is automatically created by the device.
Follow these steps to configure the attributes for a user group:
Enter system view
Create a user group and enter user group
view
Configure the authorization attributes for
the user group

Tearing down User Connections Forcibly

Follow these steps to tear down user connections forcibly:
To do...
Enter system view
Tear down AAA user connections
forcibly

Displaying and Maintaining AAA

To do...
Display the configuration
information of a specified ISP
domain or all ISP domains
To do...
system-view
cut connection { access-type
{ dot1x | mac-authentication } |
all | domain isp-name | interface
interface-type interface-number |
ip ip-address | mac mac-address |
ucibindex ucib-index | user-name
user-name | vlan vlan-id }
display domain [ isp-name ]
Use the command...
system-view
user-group group-name
authorization-attribute { acl
acl-number | callback-number
callback-number | idle-cut minute
| level level | user-profile
profile-name | vlan vlan-id |
work-directory directory-name } *
Use the command...
Use the command...
1-21
Remarks
—
Required
Optional
By default, no authorization
attribute is configured for a
user group.
Remarks
—
Required
Applies to only LAN access user
connections at present
Remarks
Available in any view